A prototype agent can be useful with a prompt, a few tools, and a friendly user. A production agent platform needs resumable state, consistent identity, bounded tool execution, review points, observability, and a way for teams to add domain behavior without forking the runtime.
Long-running work needs to resume across pauses, approvals, restarts, and non-sticky routing.
Sensitive tools need checks at the moment they execute, with denial and audit as first-class paths.
Teams should vary workflow knowledge without rebuilding the gateway mechanics.
Different clients can enter through different adapters, but the runtime should receive a normalized request shape and handle state, streaming, tool calls, safety checks, and audit events consistently.
If people can discover what agents can do, some requests will reach tools the caller cannot use. Treating denial as an ordinary product path made the system safer and more usable. The gateway could hand the user to an authz agent that investigated the failed action and explained what approval path was needed.
The model can propose an action, but the gateway decides whether the caller may run it.
A helper agent could inspect the request, identify likely access gaps, and prepare the user for the right approval path.
The agent could advise and route. A sensitive grant still needed a separate human or system approval boundary.
Operational work often starts with one person and finishes with another. The gateway treated collaboration as a runtime concern: preserve the shared context, let a second person catch up, and keep new events attached to the same work thread.